winsup\cygwin\path.cc issues
Ken Harris
Ken.Harris@mathworks.com
Wed May 2 13:49:00 GMT 2018
Hi:
While originally investigating a sporadic failure in MSYS2, I believe I found that its origin may actually be within Cygwin.
Given the following command sequence on cygwin64 in a CMD.EXE command prompt (on Windows 10 x64 if it matters).
cd C:\Cygwin64\bin
echo.exe running \âtest\â logging to ../../../my.log
two problems appear:
#1 â line 2802 in https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/path.cc;h=a132a0a7e0418ba921eefab72fade9930baadff3;hb=HEAD
pointer âpâ will underflow if a backslash is not found in âpathâ.
It may be that it finds an (unrelated) backslash in someone elseâs buffer and fails benignlyâ¦but in MSYS2, Iâve see it bump up against unmapped address space a fail very cryptically (as an access violation early in dcrt0.cc initialization before the signal handler is installed).
#2 â The reason it fails to find its expected backslash appears within path.cc again beginning on line 1381, when a drive-letter is inserted into destination path. Later in normalize_win32_path(), when â../â expressions are applied (i.e. lines 1421 and 1441), these calculations donât take into account the size of the inserted drive letter (plus colon) and results in overwriting the top-most slash with pathname characters â which then exercises issue #1.
If echo doesnât crash, there doesnât appear to be any obvious evidence of this error. In fact, from debugging a recent version of Cygwinâs âecho.exeâ, it looked like the environment block occupying memory at a lower address than âpathâ contained plenty of backslashes to break line 2802âs loop. In MSYS2, it seems occasionally (though not always), memory below âpathâ pointer will _not_ contain a backslash. The result seems to be just C0000005 returned by the echo.exe process.
Iâm not familiar with how to build Cygwin so I havenât verified this with putting an assert in code. I did debug echo.exe with WinDBG and following how the caller of NtCreateFile handles C0000034 return value (which least to the âpâ underflow), watched the disassembly for line 2802:
cygwin1!setpassent+0x22a3:
00000001`800de563 8078ff5c cmp byte ptr [rax-1],5Ch ds:00000006`0000ffee=00
march down lower than the path string:
00000006`0000fff0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010002 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010014 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010026 00 00 13 80 00 00 00 00 00 00 43 3a 43 6d 79 2e 6c 6f ..........C:Cmy.lo
00000006`00010038 67 00 20 46 69 6c 65 73 5c 4d 41 54 4c 41 42 00 52 32 g. Files\MATLAB.R2
00000006`0001004a 30 31 38 62 00 6c 6e 6b 00 00 00 00 00 00 00 00 00 00 018b.lnk..........
00000006`0001005c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`0001006e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
Hope you find this of use.
Thanks,
-ken
ТÒÐÐ¥&ö&ÆVÒ&W÷'G3¢GG¢òö7wvâæ6öÒ÷&ö&ÆV×2æFÖÀФd¢GG¢òö7wvâæ6öÒöfðФFö7VÖVçFFöã¢GG¢òö7wvâæ6öÒöFö72æFÖÀÐ¥Vç7V'67&&Ræfó¢GG¢òö7wvâæ6öÒöÖÂò7Vç7V'67&&R×6×ÆPÐ Ð
More information about the Cygwin
mailing list